Vulnerability from csaf_suse
Published
2021-02-26 10:14
Modified
2021-02-26 10:14
Summary
Recommended update for SUSE Manager 4.0.12.1 Release Notes
Notes
Title of the patch
Recommended update for SUSE Manager 4.0.12.1 Release Notes
Description of the patch
This update for SUSE Manager 4.0.12.1 Release Notes provides the following additions:
Release notes for SUSE Manager:
- Revision 4.0.12.1
- Bugs mentioned
bsc#1181550, bsc#1181556, bsc#1181557, bsc#1181558, bsc#1181559, bsc#1181560, bsc#1181561, bsc#1181562, bsc#1181563,
bsc#1181564, bsc#1181565, CVE-2021-25281, CVE-2021-25282, CVE-2021-3197, CVE-2021-25283, CVE-2020-28243,
CVE-2020-35662, CVE-2021-25284, CVE-2020-28972, CVE-2021-3148, CVE-2021-3144
Release notes for SUSE Manager proxy:
- Update to 4.0.12.1
- Bugs mentioned
bsc#1181550, bsc#1181556, bsc#1181557, bsc#1181558, bsc#1181559, bsc#1181560, bsc#1181561, bsc#1181562, bsc#1181563,
bsc#1181564, bsc#1181565, CVE-2021-25281, CVE-2021-25282, CVE-2021-3197, CVE-2021-25283, CVE-2020-28243,
CVE-2020-35662, CVE-2021-25284, CVE-2020-28972, CVE-2021-3148, CVE-2021-3144
Patchnames
SUSE-2021-632,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-632,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-632,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-632
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Recommended update for SUSE Manager 4.0.12.1 Release Notes", title: "Title of the patch", }, { category: "description", text: "This update for SUSE Manager 4.0.12.1 Release Notes provides the following additions:\n\nRelease notes for SUSE Manager:\n\n- Revision 4.0.12.1\n- Bugs mentioned\n bsc#1181550, bsc#1181556, bsc#1181557, bsc#1181558, bsc#1181559, bsc#1181560, bsc#1181561, bsc#1181562, bsc#1181563, \n bsc#1181564, bsc#1181565, CVE-2021-25281, CVE-2021-25282, CVE-2021-3197, CVE-2021-25283, CVE-2020-28243, \n CVE-2020-35662, CVE-2021-25284, CVE-2020-28972, CVE-2021-3148, CVE-2021-3144\n\nRelease notes for SUSE Manager proxy:\n\n- Update to 4.0.12.1\n- Bugs mentioned\n bsc#1181550, bsc#1181556, bsc#1181557, bsc#1181558, bsc#1181559, bsc#1181560, bsc#1181561, bsc#1181562, bsc#1181563, \n bsc#1181564, bsc#1181565, CVE-2021-25281, CVE-2021-25282, CVE-2021-3197, CVE-2021-25283, CVE-2020-28243, \n CVE-2020-35662, CVE-2021-25284, CVE-2020-28972, CVE-2021-3148, CVE-2021-3144\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-632,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-632,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-632,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-632", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2021_0632-1.json", }, { category: "self", summary: "URL for SUSE-RU-2021:0632-1", url: "https://www.suse.com/support/update/announcement//suse-ru-20210632-1/", }, { category: "self", summary: "E-Mail link for SUSE-RU-2021:0632-1", url: "https://lists.suse.com/pipermail/sle-updates/2021-February/018093.html", }, { category: "self", summary: "SUSE Bug 1181550", url: "https://bugzilla.suse.com/1181550", }, { category: "self", summary: "SUSE Bug 1181556", url: "https://bugzilla.suse.com/1181556", }, { category: "self", summary: "SUSE Bug 1181557", url: "https://bugzilla.suse.com/1181557", }, { category: "self", summary: "SUSE Bug 1181558", url: "https://bugzilla.suse.com/1181558", }, { category: "self", summary: "SUSE Bug 1181559", url: "https://bugzilla.suse.com/1181559", }, { category: "self", summary: "SUSE Bug 1181560", url: "https://bugzilla.suse.com/1181560", }, { category: "self", summary: "SUSE Bug 1181561", url: "https://bugzilla.suse.com/1181561", }, { category: "self", summary: "SUSE Bug 1181562", url: "https://bugzilla.suse.com/1181562", }, { category: "self", summary: "SUSE Bug 1181563", url: "https://bugzilla.suse.com/1181563", }, { category: "self", summary: "SUSE Bug 1181564", url: "https://bugzilla.suse.com/1181564", }, { category: "self", summary: "SUSE Bug 1181565", url: "https://bugzilla.suse.com/1181565", }, { category: "self", summary: "SUSE CVE CVE-2020-28243 page", url: "https://www.suse.com/security/cve/CVE-2020-28243/", }, { category: "self", summary: "SUSE CVE CVE-2020-28972 page", url: "https://www.suse.com/security/cve/CVE-2020-28972/", }, { category: "self", summary: "SUSE CVE CVE-2020-35662 page", url: "https://www.suse.com/security/cve/CVE-2020-35662/", }, { category: "self", summary: "SUSE CVE CVE-2021-25281 page", url: "https://www.suse.com/security/cve/CVE-2021-25281/", }, { category: "self", summary: "SUSE CVE CVE-2021-25282 page", url: "https://www.suse.com/security/cve/CVE-2021-25282/", }, { category: "self", summary: "SUSE CVE CVE-2021-25283 page", url: "https://www.suse.com/security/cve/CVE-2021-25283/", }, { category: "self", summary: "SUSE CVE CVE-2021-25284 page", url: "https://www.suse.com/security/cve/CVE-2021-25284/", }, { category: "self", summary: "SUSE CVE CVE-2021-3144 page", url: "https://www.suse.com/security/cve/CVE-2021-3144/", }, { category: "self", summary: "SUSE CVE CVE-2021-3148 page", url: "https://www.suse.com/security/cve/CVE-2021-3148/", }, { category: "self", summary: "SUSE CVE CVE-2021-3197 page", url: "https://www.suse.com/security/cve/CVE-2021-3197/", }, ], title: "Recommended update for SUSE Manager 4.0.12.1 Release Notes", tracking: { current_release_date: "2021-02-26T10:14:00Z", generator: { date: "2021-02-26T10:14:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-RU-2021:0632-1", initial_release_date: "2021-02-26T10:14:00Z", revision_history: [ { date: "2021-02-26T10:14:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "release-notes-susemanager-4.0.12.1-3.68.1.aarch64", product: { name: "release-notes-susemanager-4.0.12.1-3.68.1.aarch64", product_id: "release-notes-susemanager-4.0.12.1-3.68.1.aarch64", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.aarch64", product: { name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.aarch64", product_id: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.0.12.1-3.68.1.i586", product: { name: "release-notes-susemanager-4.0.12.1-3.68.1.i586", product_id: "release-notes-susemanager-4.0.12.1-3.68.1.i586", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.i586", product: { name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.i586", product_id: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", product: { name: "release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", product_id: "release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.ppc64le", product: { name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.ppc64le", product_id: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.0.12.1-3.68.1.s390x", product: { name: "release-notes-susemanager-4.0.12.1-3.68.1.s390x", product_id: "release-notes-susemanager-4.0.12.1-3.68.1.s390x", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.s390x", product: { name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.s390x", product_id: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.0.12.1-3.68.1.x86_64", product: { name: "release-notes-susemanager-4.0.12.1-3.68.1.x86_64", product_id: "release-notes-susemanager-4.0.12.1-3.68.1.x86_64", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", product: { name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", product_id: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Proxy 4.0", product: { name: "SUSE Manager Proxy 4.0", product_id: "SUSE Manager Proxy 4.0", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:4.0", }, }, }, { category: "product_name", name: "SUSE Manager Retail Branch Server 4.0", product: { name: "SUSE Manager Retail Branch Server 4.0", product_id: "SUSE Manager Retail Branch Server 4.0", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-retail-branch-server:4.0", }, }, }, { category: "product_name", name: "SUSE Manager Server 4.0", product: { name: "SUSE Manager Server 4.0", product_id: "SUSE Manager Server 4.0", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.0", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64 as component of SUSE Manager Proxy 4.0", product_id: "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", }, product_reference: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", relates_to_product_reference: "SUSE Manager Proxy 4.0", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0", product_id: "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", }, product_reference: "release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.0", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.0.12.1-3.68.1.ppc64le as component of SUSE Manager Server 4.0", product_id: "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", }, product_reference: "release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", relates_to_product_reference: "SUSE Manager Server 4.0", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.0.12.1-3.68.1.s390x as component of SUSE Manager Server 4.0", product_id: "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", }, product_reference: "release-notes-susemanager-4.0.12.1-3.68.1.s390x", relates_to_product_reference: "SUSE Manager Server 4.0", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.0.12.1-3.68.1.x86_64 as component of SUSE Manager Server 4.0", product_id: "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", }, product_reference: "release-notes-susemanager-4.0.12.1-3.68.1.x86_64", relates_to_product_reference: "SUSE Manager Server 4.0", }, ], }, vulnerabilities: [ { cve: "CVE-2020-28243", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-28243", }, ], notes: [ { category: "general", text: "An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-28243", url: "https://www.suse.com/security/cve/CVE-2020-28243", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2020-28243", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181556 for CVE-2020-28243", url: "https://bugzilla.suse.com/1181556", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:14:00Z", details: "important", }, ], title: "CVE-2020-28243", }, { cve: "CVE-2020-28972", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-28972", }, ], notes: [ { category: "general", text: "In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-28972", url: "https://www.suse.com/security/cve/CVE-2020-28972", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2020-28972", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181557 for CVE-2020-28972", url: "https://bugzilla.suse.com/1181557", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:14:00Z", details: "important", }, ], title: "CVE-2020-28972", }, { cve: "CVE-2020-35662", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35662", }, ], notes: [ { category: "general", text: "In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35662", url: "https://www.suse.com/security/cve/CVE-2020-35662", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2020-35662", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181565 for CVE-2020-35662", url: "https://bugzilla.suse.com/1181565", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.4, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:14:00Z", details: "important", }, ], title: "CVE-2020-35662", }, { cve: "CVE-2021-25281", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25281", }, ], notes: [ { category: "general", text: "An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25281", url: "https://www.suse.com/security/cve/CVE-2021-25281", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-25281", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181559 for CVE-2021-25281", url: "https://bugzilla.suse.com/1181559", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:14:00Z", details: "important", }, ], title: "CVE-2021-25281", }, { cve: "CVE-2021-25282", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25282", }, ], notes: [ { category: "general", text: "An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25282", url: "https://www.suse.com/security/cve/CVE-2021-25282", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-25282", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181560 for CVE-2021-25282", url: "https://bugzilla.suse.com/1181560", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:14:00Z", details: "important", }, ], title: "CVE-2021-25282", }, { cve: "CVE-2021-25283", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25283", }, ], notes: [ { category: "general", text: "An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25283", url: "https://www.suse.com/security/cve/CVE-2021-25283", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-25283", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181561 for CVE-2021-25283", url: "https://bugzilla.suse.com/1181561", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:14:00Z", details: "important", }, ], title: "CVE-2021-25283", }, { cve: "CVE-2021-25284", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25284", }, ], notes: [ { category: "general", text: "An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25284", url: "https://www.suse.com/security/cve/CVE-2021-25284", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-25284", url: "https://bugzilla.suse.com/1181550", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:14:00Z", details: "important", }, ], title: "CVE-2021-25284", }, { cve: "CVE-2021-3144", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3144", }, ], notes: [ { category: "general", text: "In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3144", url: "https://www.suse.com/security/cve/CVE-2021-3144", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-3144", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181562 for CVE-2021-3144", url: "https://bugzilla.suse.com/1181562", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:14:00Z", details: "important", }, ], title: "CVE-2021-3144", }, { cve: "CVE-2021-3148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3148", }, ], notes: [ { category: "general", text: "An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3148", url: "https://www.suse.com/security/cve/CVE-2021-3148", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-3148", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181558 for CVE-2021-3148", url: "https://bugzilla.suse.com/1181558", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:14:00Z", details: "important", }, ], title: "CVE-2021-3148", }, { cve: "CVE-2021-3197", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3197", }, ], notes: [ { category: "general", text: "An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3197", url: "https://www.suse.com/security/cve/CVE-2021-3197", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-3197", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181564 for CVE-2021-3197", url: "https://bugzilla.suse.com/1181564", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Retail Branch Server 4.0:release-notes-susemanager-proxy-4.0.12.1-0.16.52.1.x86_64", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.ppc64le", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.s390x", "SUSE Manager Server 4.0:release-notes-susemanager-4.0.12.1-3.68.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:14:00Z", details: "important", }, ], title: "CVE-2021-3197", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.